Internal control is an organizational plan and the related measures an entity implements to motivate employees to follow company policies, protect assets, enhance operational efficiency, and ensure reliable and accurate accounting records.
The Sarbanes-Oxley Act is legislation that requires firms to review their internal controls and take responsibility for the completeness and accuracy of their accounting records. The act relates to internal controls because it requires financial managers to certify the accuracy of financial reports, with a penalty for failing to do so. The act reinforces the disclosure requirements for firms with regard to pro forma statements and off-balance sheet arrangements, among others. Moreover, the act requires firms to carry out robust internal control tests and attach the resulting reports to their annual audits. Further, the act imposes fines on public entities that commit fraud (Warren, Reeve & Duchac, 2009).
The five components of internal control are control activities, risk assessment, information system, monitoring of controls, and environment control. Environment control entails factors such as ethical values, management philosophy, employee integrity, and guidance given by management. Risk assessment, on the other hand, involves evaluating risks, such as fraud or wastage of resources, that emanate from internal and external sources after an entity has set its objectives. Assessing risk is critical to management because it guides risk control. Control activities are the procedures that employees must follow to address the risks attached to each objective. Allocating duties to each employee is one of the procedures aimed at protecting an entity's assets. The information system entails collecting information from internal or external sources and making it available to internal and external stakeholders. An information system is critical because it guides decision making and helps ensure that management goals are met. Finally, monitoring of controls is the process of assessing a firm's internal control structures for effectiveness so that relevant changes can be adopted and risks controlled (Warren, Reeve & Duchac, 2009).
An internal auditor is an employee of a firm. An internal auditor monitors and ensures that the firm's employees adhere to organizational policies, that the firm meets the required standards, and that operations run efficiently. An external auditor, on the other hand, is an outside accountant who provides an independent assessment of the control structures to ensure that the presentation of financial records meets the generally accepted accounting principles (GAAP) (Warren, Reeve & Duchac, 2009).
Separation of duties is a practice that requires someone other than the employee responsible for protecting a firm's asset to maintain the financial records for that asset. In such an arrangement, employees share responsibility for transactions so that there are checks and balances among them. Separation of duties safeguards against the risk of theft of assets or cover-up and enables detection of fraud (Warren, Reeve & Duchac, 2009).
Internal control procedures related to e-commerce include message encryption, firewalls, passwords, personal identification numbers (PINs), and signatures.
One limitation of internal controls is that they are costly for most firms. Another is the potential for collusion, because employees may decide to defraud a firm by outwitting the internal controls.
To control cash receipts over the counter, businesses use a point of sale terminal. To manage cash receipts by email, firms ensure that adequate separation of duties is adhered to.
To ensure control over purchases and payments by check, steps that can be taken include adhering to separation of duties and adopting technology to encrypt and secure payments (Warren, Reeve & Duchac, 2009).